PGS9-00-007700 - PostgreSQL must generate time stamps, for audit records and application data, with a minimum granularity of one second.

Information

Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records.

Time stamps generated by PostgreSQL must include date and time. Granularity of time measurements refers to the precision available in time stamp values. Granularity coarser than one second is not sufficient for audit trail purposes. Time stamp values are typically presented with three or more decimal places of seconds; however, the actual granularity may be coarser than the apparent precision. For example, PostgreSQL will always return at least millisecond timestamps but it can be truncated using EXTRACT functions: SELECT EXTRACT(MINUTE FROM TIMESTAMP '2001-02-16 20:38:40');.

Solution

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.

PostgreSQL will not log anything if logging is not enabled. To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.

If logging is enabled the following configurations must be made to log events with time stamps:

First, as the database administrator (shown here as 'postgres'), edit postgresql.conf:

$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf

Add %m to log_line_prefix to enable time stamps with milliseconds:

log_line_prefix = '< %m >'

Now, as the system administrator, reload the server with the new configuration:

# SYSTEMD SERVER ONLY
$ sudo systemctl reload postgresql-${PGVER?}

# INITD SERVER ONLY
$ sudo service postgresql-${PGVER?} reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_PGS_SQL_9-x_V2R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8b., CAT|II, CCI|CCI-001889, Rule-ID|SV-214115r961446_rule, STIG-ID|PGS9-00-007700, STIG-Legacy|SV-87637, STIG-Legacy|V-72985, Vuln-ID|V-214115

Plugin: PostgreSQLDB

Control ID: 8d6a4d1ef4cb672e927b2f4490506fcf4bc764c85494370a3895315746625a47